Static Scan Results
scanned 2h ago · by rust-scannerStatic analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcebin/kicad-mcp-pro.jsView file
5const path = require("node:path");
L6: const { spawn } = require("node:child_process");
L7: const pkg = require("../package.json");
L8:
L9: function executableNames() {
L10: return process.platform === "win32" ? ["uvx.cmd", "uvx.exe", "uvx"] : ["uvx"];
L11: }
...
L13: function findOnPath(commandNames) {
L14: const rawPath = process.env.PATH || "";
L15: const entries = rawPath.split(path.delimiter).filter(Boolean);
...
L31: "uvx was not found on PATH.",
L32: "Install uv from https://docs.astral.sh/uv/getting-started/installation/ and retry.",
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/kicad-mcp-pro.jsView on unpkg · L5Findings
1 High2 Medium4 Low
HighSandbox Evasion Gated Capabilitybin/kicad-mcp-pro.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings